NCSC: It's Time for CISOs to Prioritize Accessibility

A leading UK security agency has urged organizations to help reduce cyber risk by ensuring accessibility is built into cybersecurity policies, processes and technologies.

Lee C from the NCSC’s Sociotechnical and Risk Group cited government statistics revealing that nearly a quarter (22%) of British working age adults are disabled, with 4.9 million currently in the workforce.

“There are many reasons to address accessibility, whether meeting legal requirements, delivering better operational outcomes, or attracting and retaining a more diverse set of talent,” he argued.

“Addressing accessibility also provides cybersecurity benefits by making systems more usable and making human errors or workarounds less likely. Conversely, if we fail to consider accessibility, these risks increase.”

He gave several examples of how security can be inaccessible for some people. These include awareness campaigns not written in simple language; complex interfaces and audio-only/visual-only warnings; and color schemes that may be inappropriate for those with color blindness.

Lee C argued that accessibility is often seen as “someone else’s responsibility,” or that usability and security cannot co-exist.

“This is surprising given the number of incidents which still claim ‘human error’ as a contributing factor,” he added.

“Considering accessibility within your security requirements is a great way of ensuring that you are actively considering your ‘human factors risks,’ and that you are stress testing your security against the conditions where people will find it most difficult to use, and where human errors will be most likely.”

The NCSC recommends that security leaders:

Consult more in their security decision-making processes and encourage feedback
Be open to different ways of realizing their security requirements: i.e., don’t compromise on the “what” but be flexible on the “how”
Treat accessibility and usability as an intrinsic part of any security requirement, rather than a separate add on, including asking vendors for accessibility statements on their products

NCSC: It's Time for CISOs to Prioritize Accessibility

Phil Muncaster

You may also like

Securing Perimeter Products Must Be a Priority, Says NCSC

UK Government Sets Out Vision for NHS Cybersecurity

#CyberUK18: Could Board Awareness & Basics Save Britain?

#CyberUK18: Bank of England Calls for More Cyber Translators

NCSC Rolls out Active Cyber Defense Government Programs

What’s hot on Infosecurity Magazine?

Microsoft Fixes Three Zero-Days in May Patch Tuesday

China Presents Defining Challenge to Global Cybersecurity, Says GCHQ

Ebury Botnet Operators Diversify with Financial and Crypto Theft

Hackers Use DNS Tunneling to Scan and Track Victims

UK Insurance and NCSC Join Forces to Fight Ransomware Payments

AI-Powered Russian Network Pushes Fake Political News

RSAC: CISA Launches Vulnrichment Program to Address NVD Challenges

RSAC: How CISOs Should Protect Themselves Against Indictments

Hackers Use DNS Tunneling to Scan and Track Victims

RSAC: Three Strategies to Boost Open-Source Security

Kaseya CISO on Preparing Effectively for the Next Cyber Incident

RSAC: Why Cybersecurity Professionals Have a Duty to Secure AI

Why DDoS Simulation Testing is Critical for Proactive Network Defense

Supply Chain Cybersecurity: How to Mitigate Third-Party Risks?

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Disinformation Defense: Protecting Businesses from the New Wave of AI-Powered Cyber Threats

Adapting to Tomorrow's Threat Landscape: AI's Role in Cybersecurity and Security Operations in 2024

How to Secure Remote Connectivity within Operational Technology Environments

Women in Cybersecurity at Infosecurity Europe 2024

RSAC: CISA Launches Vulnrichment Program to Address NVD Challenges

LockBit Leader aka LockBitSupp Identity Revealed

How to Proactively Remediate Rising Web Application Threats

Learn from the NHS - Proactive Password Security for Improved Cybersecurity

Live Roundtable Event: Secure Enterprise Browsing, New Ways to Strengthen Endpoint Security

NCSC: It's Time for CISOs to Prioritize Accessibility

Written by

You may also like

What’s hot on Infosecurity Magazine?